Using Group Policy to hide and map specified drives

12 Shares

Do you remember the old days when we used the hide drives.adm template to hide specified drives along with some kind of hide drives calculator to get the proper value ? So if we wanted to hide drives for Domain Users but not the Domain Admins, we had to create another policy to lock it up again. Those days are long gone thanks to Group Policy Preferences, for me it’s the life before and after. Get rid of all your adm templates and 30+ page vbs logon scripts once for all. This will speed up the logon time and make your administration much easier.

To leverage Group Policy Preferences (GPP) you’ll need to administrate Group Policy’s from a Windows 2008 server (just member server) or Windows 7 with RSAT. On Windows XP and Windows 2003 machines you’ll need Group Policy Preference Client Side Extensions to properly read GPP settings.

Map network drives :

Open Group Policy Management Console (GPMC) and create a new policy. Browse to User Configuration – Preferences – Windows Settings – Drive Maps

In this example we map K: to the Accounting folder for all users member of the Accounting group. It’s possible to create many rules, if member of group A or B or and so on.

Hide Drives :

In this example we hide C: for all users except for Domain Admins. When you start playing around we GPP you’ll learn how really powerful it is. I highly recommend you start following Group Policy Center for weekly tips.

So here’s what I want you to do now :

  1. I hope you dig it – and that you’ll love it so much that you’ll share it with others
  2. You should become a Fan of my FaceBook page here
12 Shares

Automation Framework Community Edition

The fastest way to build your lab environment.

Virtual Expo

Friday 30th of September 2022

24 thoughts on “Using Group Policy to hide and map specified drives”

  1. Nice article. I’m always using RES PowerFuse here. A great product to manage the Workspace and for example hide drives (like in this article).

    Reply
  2. I’ve had problems with 2008 terminal servers in environments with 2003 AD servers… If you create the policy for a 2008 server NEVER edit it on a 2003 server and vice versa – it can corrupt the GPO, and then the fun starts.

    Reply
  3. Using of wrong configured GPO Mapped drives is heavy increasing the logon time. 🙁
    I recommend always in addition use Security filters on the GPO to reduce the logon time for users who has nothing to do with that GPO.

    Reply
    • Thanks Alexey, I do agree. Normally the home drive is common and the rest is based upon Item Target Leveling for the GPO Mapped Drives

      Reply
  4. I have seen that you in several articles praise the Group Policy Preferences (GPP).
    I agree from an administrators point of view. It’s very easy to administrate.
    But what about performance in a terminal server environment? Have you read this articel?
    http://bit.ly/adfVii

    We have made a script that cleans “c:\programdata\microsoft\group policy\history\” on reboot, but it feels like GPP is not realy intended to be used in terminal server environments.

    Reply
    • Thanks for your comment Erik, I haven’t read this before but it seems like this is fixed with W2K8 Service Pack 1. In terms of performance we always see faster login with GPP instead of loginscripts. The script you’re using is one way to fix this, but I personally mean that everybody with more than 4 servers should run Citrix Provisioning Services. So in a PVS environment this won’t happen since the disk is write protected.

      Reply
  5. Hi Eirik,

    thank you for your post.

    I created the GPO to map a drive from a Win 2008 TS and for a Win 2003 TS.

    The policy is applied to the Win 2003 server but the drive never appears on user sessions.

    I looked at the event viewer but found nothing.

    Have you have had such issue?

    Thanks

    Reply
  6. Thanks for your article, i need hide drives c:, d: and e: on my environment, because i need publish desktop for some users, i have a w2k8 servers x32, with xenApp 5, and w2k8 on domain, i try to make you say on this article but on my system i see always this drives, i can’t hide, when i configure drive maps on gpo to hide drives, i have one yellow triangle upper the name c:, d: or e:, what is wrong ? can you help me ? many thanks

    Reply
  7. Hi there,
    I played around with this “hidden” option and it seems to me that the removal behaviour sucks:
    The mapped and hidden drive has gone, but every other share, mapped to that drive manually, is still hidden.
    anyone out there, having an idea or a solution?
    regards
    Wolfgang

    Reply
  8. This is a great option for hiding the drives, especially in a XenApp or XenDesktop environment. Is there an easy way to also restrict access to drives or are we stuck with using the old style ADM templates?

    Reply
    • In GPMC under Windows Explorer you’ll find a policy called “Prevent access to drives from My Computer”. Prevents users from using My Computer to gain access to the content of selected drives.

      If you enable this setting, users can browse the directory structure of the selected drives in My Computer or Windows Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.

      Reply
  9. I believe you can hide multiple drives more easily with the GPO: User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer -> Hide these specific drives in My Computer

    Reply

Leave a Comment